Canadian Indentity-Privacy Pioneer Austin Hill Has a Message for the Founders of Whisper and Secret

Two new apps called Secret and Whisper that encourage anonymous posting were all the conversation last week among high-profile VCs and bloggers alike.

This morning, Canada’s internet privacy pioneer Austin Hill took to Medium to share his thoughts on the issue of the morality of such anonymity apps and the problems that can arise. Hill, the former founder of Zero-Knowledge systems as well as one of Canada’s first Internet Service Providers, wrote a really long, and really insightful piece.

Let start with the problem: one week ago Whisper raised $30 million on a $200 million valuation. On Friday it was revealed that Secret raised $8.6 million in venture capital from several high-profile investors, including Alexis Ohanian, MG Siegler of Google Ventures and even Ashton Kutcher and Joe Montana.

These apps are similar in that they allow users to anonymously share things, usually rumours. Secret seems to be linked to the Silicon Valley crowd while Whisper is an app that caters more to a younger, university-aged crowd, and is an evolution of the now defunct PostSecret app which let users send anonymous secrets on postcards.

The problem, of course, is that any app that allows anonymity cultivates a breeding ground for hate, cruelty, lies and slander. However, supporters of these apps have brought up extremely touching instances where cries for help on the sites have been met with tons of supportive feedback.

Mark Suster wrote a very thoughtful piece on how Secret is nothing more than TMZ: “It’s gossip. Slander. Hateful. Hurtful. It’s everything the Valley claims to hate about LA but seemingly are falling over themselves at cocktail parties to check 5 times a night.”

But if there’s one guy who we should all really want to know what he thinks, it’s probably Hill. After all, this is the guy that founded Zero-Knowledge Systems, raising the most amount of money every for a company building anonymity systems, at $77 million. It was a a Canadian privacy technology software and services company that essentially allowed users to freely send mail via cryptographic pseudonyms. In his time building the company Hill sparred with the NSA, FBI and Interpol over digital civil liberties. He was even was on 60 minutes as the advocate of citizens’ right to be anonymous.

His warning to people over apps like Whisper and Secret was this:

“The choices we make in our product development and technologies shape the world and create emotional reactions in our users. This is more true in social software then most other sectors.”

As a champion of Internet privacy, Hill wrote that there are very important roles for anonymity systems if they’re properly designed and implemented. Such examples involve human rights workers, citizens seeking anti-censorship techniques and counter-surveillance uses, and that’s not even mentioning Bitcoin protection. Along with human rights and commerce, there’s even positive potential for dating, as Hill argued that there’s a huge amount of people who won’t play the Tinder game, yet yearn for something more private.

Zero-Knowledge System’s thesis was that pseudonymous identities would spur meaningful conversation while holding individuals accountable. The community would also hold them accountable. In the end they saw saw “thousands of more positive uses of our technology than ever negative.”

But, “when a participant… has no identity or feels free from the responsibility of their actions in social interactions communities quickly degenerate into a race to the bottom,” wrote Hill. “This is when trolls, abusers and the worst part of our humanity starts to become a strategic advantage in seeing your actions get more attention by continuing to push the envelope of acceptable behaviour.”

But what about Whisper and Secret?

Hill called their security models “horrendous and irresponsible,” giving the user an illusion of privacy, encouraging them to say things without the burden of identity. When rumours and harrassment lead to litigation or suicide, “We will see both these companies and their users who thought they were anonymous dragged into court,” warned Hill.

He said neither company has done the bare minimum to develop a security model that backs up their claims of anonymity, and that it’s the “pinnacle of irresponsibility” to ignore basic security, cryptography, litigation and network design threat modelling while promoting anonymity.

Hill ended his piece off with four major concerns (among many possible):

1. “By tapping into people’s social graph and then equipping users of the app with the ability to spread secrets / rumours within a geographic or social graph circle you are upsetting the balance of power for information disclosure. I can easily choose to delete the app, yet a group of my friends (and their friends) can now harass or libel me without my participation. So those who participate and choose to be anonymous, have more power in the spreading of rumors or secrets about others then those who choose to opt out.”

2. Provide a blinded or selective disclosure double spend identity token for cases of extreme abuse and advertise it prominently to users. Dr. David Chaum and Dr. Stefan Brands both have developed technology that allows for cryptographic anonymity that is reversible in certain situations. An abuse policy that clearly states that certain types of abuse will lead to the abuse team at Secret being able to obtain your phone number or Facebook ID would immediately offset the more extreme types of direct bullying, harrasement or clear violations of terms of service.

3. “For god sake, implement TOR in your app. If for no other reason then to protect yourself against having information that becomes the target of the civil, criminal or hacking attacks.” (TOR is free software for enabling online anonymity and censorship resistance. Hill claims to have built the pre-TOR TOR with Zero-Knowledge Systems).

4. Provide a clear automated way for users to report or flag abusive secrets and default to removing posts until your abuse team can review. Limit the amount of time a vicious rumor can be posted, or better yet — if a user develops a k/n negative reputation metric force a k/n social graph approval policy before a secret can be posted so that they have to earn back their right to post secrets.